ICO Announces £750K Potential Fine for Data Breach

The Information Commissioner’s Office has today announced that it intends to fine the Police Service of Northern Ireland (PSNI) £750,000 for a personal data breach.

The proposed fine (Notice of Intent) relates to an incident which occurred last summer. In response to a Freedom of Information (FoI) request, the PSNI mistakenly divulged information on “every police officer and member of police staff”, a senior officer said at the time. The FoI request, made via the WhatDoTheyKnow.com website, had asked the PSNI for a breakdown of all staff ranks and grades. But as well as a table containing the number of people holding positions such as constable, a spreadsheet was published. This contained the surnames of more than 10,000 individuals, their initials and other data, but did not include any private addresses. The information was published on the WDTK website for more than two hours. At the time the breach was reported, Ibrahim Hasan gave an interview to BBC Radio Ulster (Listen here.)

The ICO says that the proposed fine could be imposed on the PSNI “for failing to protect the personal information of its entire workforce.” It has provisionally found the PSNI’s internal procedures and sign-off protocols for the safe disclosure of information were inadequate. 

The fact that the ICO is proposing a large fine is not surprising. The scale of the PSNI data breach is huge. The release of the names exposes individuals who are regularly targeted by terrorist groups. The PSNI has previously confirmed that the information was in the hands of dissident republicans, among others. 

It is important to note that this is not a fine. It is a ‘Notice of Intent’, a legal document that precedes a potential fine. Such a notice sets out the ICO’s provisional view, which may of course change after the PSNI makes representations. Remember we have been here before. In July 2018 British Airways was issued with a Notice of Intent, for a cyber security breach, in the sum of £183 million but the actual fine was for £20 million issued in July 2020. In November 2020 Marriott International Inc was fined £18.4 million, much lower than the £99 million set out in the original notice.

PSNI has also been issued with a preliminary Enforcement Notice, requiring the Service to improve the security of personal information when responding to FOI requests.

We have two workshops coming up in September (Introduction to Cyber Security and Cyber Security for DPOs) which are ideal for organisations who wish to upskill their employees about data security. See also our Managing Personal Data Breaches Workshop.


AI and ChatGPT: Ibrahim Hasan on BBC News Arabic

2023 so far has been all about the rise of artificial intelligence (AI). Alongside the privacy issues, there have been concerns over the potential risks, including its threat to jobs and the spreading of misinformation and bias. AI could replace the equivalent of 300 million full-time jobs, a report by investment bank Goldman Sachs says. It could replace a quarter of work tasks in the US and Europe but may also mean new jobs and a productivity boom. 

Our director, Ibrahim Hasan, recently gave his thoughts on AI machine learning and ChatGPT to BBC News Arabic. You can watch here. If you just want to hear Ibrahim “speak in Arabic” skip the video to 2min 48 secs. 

Friends in the UAE may be interested in our UAE privacy programme which includes courses on UAE and Middle East data protection laws.

We have run many in-house courses, gap analysis and audit services for clients in the Middle East including the UAE, Saudi Arabia and Qatar. If you are interested in any of these services, please contact us here.

Our forthcoming AI and Machine Learning workshop will explore the common challenges that this subject presents, focussing on GDPR as well as other information governance and records management issues.


FOI Under Attack

Last week, a government minister called the Freedom of Information Act (FOI) a “truly malign piece of legislation”. Lord Callanan, a minister at the Department for Business, Energy & Industrial Strategy, made the comments during a parliamentary debate. He was defending the government’s decision that FOI should not apply to a new Defence research agency.

It is not surprising that a government minister has expressed his dislike of FOI. The Act is very popular amongst politicians but only when they are in opposition. This view rapidly changes when they take up government positions and are on the receiving end of FOI requests. Tony Blair introduced the Act but regretted it in his memoirs, calling himself “a naive, foolish, irresponsible nincompoop”.

This new attack on FOI is not just about the Advanced Research and Invention Agency (ARIA) and whether it should be subject to FOI. This is a minister expressing his frustrations about legislation which has no doubt made the Government’s life more difficult, especially during the pandemic. Information requests have been made about key government decisions, the actions of advisers in allegedly breaking lockdown rules (Barnard Castle) and the award of lucrative PPE supplies contracts to companies who seemingly have little experience of the health sector. In July, the Information Commissioner launched an investigation into reports that ministers and senior officials have been using private correspondence channels, such as WhatsApp and private email accounts, to conduct sensitive official business.

FOI allows the public to see how their money is being spent. It is extraordinary that a body like ARIA, which is responsible for spending £800 million of public funds over four years, should be free from the scrutiny that applies to the whole public sector including small parish councils. ARIA will be tasked with handing out lucrative research contracts and so the public have a right to know how their money will be spent.

Fees

Lord Callanan also said that charging the public fees for requesting government information was an “excellent idea”. This idea has also been backed by the incoming Information Commissioner, John Edwards. He told a committee of MPs in September that it was “legitimate” to ask the public to meet the cost of digging out the relevant information.

One of the government’s arguments for introducing fees is that it costs money to deal with complex freedom of information requests. However, the current legislation already allows for fees to be charged if a request takes more than 18 hours to deal with or 24 hours if made to a government department.

Introducing a flat fee or fees for all requests will undermine the public’s trust in government. At a time when the economy is weak and the cost of living is going up, why should the public have to pay for information that has been gathered by public bodies using public funds? In a sense they would be asked to pay for it twice. Fees also mean that only the rich would be able to scrutinise and challenge decisions made by public bodies which affect their lives.

It could be that Lord Callanan’s comments signal the start of a government attempt to weaken FOI. If this is the case, bearing in mind Boris Johnson’s parliamentary majority, we should all be concerned. The Government must lead by example and not weaken FOI because it is a hindrance.

Watch Ibrahim Hasan’s interview with RT News here.

Looking for an FOI qualification? We have one place left on our online FOI Practitioner Certificate course starting in January. 

Labour Relations Agency Data Breach: Ibrahim Hasan’s BBC Interview


The Labour Relations Agency in Northern Ireland has apologised for sharing the email addresses and, in some cases, the names of more than 200 service users.

https://www.bbc.co.uk/news/uk-northern-ireland-58988092

Here is Ibrahim Hasan’s interview with BBC Radio Ulster:

More media interviews by Ibrahim here.

Footballers’ Personal Data: Ibrahim Hasan’s BBC Interview


On Tuesday there was an interesting story in the media about a group of footballers threatening legal action and seeking compensation for the trade in their personal data. 

The use of data is widespread in every sport. It is not just used by clubs to manage player performance but by others such as betting companies to help them set match odds. Some of the information may be sold by clubs whilst other information may be collected by companies using public sources including the media.

Do footballers have rights in relation to this data? Can they use the GDPR to seek compensation for the use of their data?

On Tuesday, Ibrahim Hasan gave an interview to BBC Radio 4’s PM programme about this story. You can listen below:

This and other GDPR developments will be discussed in detail on our forthcoming GDPR Update workshop. We have a few places left on our Advanced Certificate in GDPR Practice course starting in November.

Care Home Records: My BBC Interview


Ibrahim Hasan writes… 

Data Protection law is about protecting people’s human rights. When organisations fail to comply, it can have a big impact on people’s lives. I was proud to work with the BBC on a recent story which highlights the importance of protecting the personal data of some of the most vulnerable in society.

Thanks to tenacious journalism by Ben Moore and Tobey Wadey, piles of patient data which were left unsecured in an abandoned care home, more than four years after it was shut down, were finally removed. It included care plans, bank details and photos of injuries as well as information about relatives. The Information Commissioner is now on the case.

You can watch the BBC report, which includes an interview with me, here.

The BBC website feature can be read here.